syzbot

 sign-in | mailing list | source | docs
🐞 Open [1492]
Subsystems
🐞 Fixed [6523]
🐞 Invalid [16604]
Missing Backports [204]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: slab-use-after-free Read in dtSearch

Status: upstream: reported C repro on 2024/04/29 00:37
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+bd3506d55fa4e2fd9030@syzkaller.appspotmail.com
First crash: 483d, last: 21h40m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: slab-out-of-bounds Read in dtSearch (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] KASAN: slab-use-after-free Read in dtSearch 0 (1) 2024/04/29 00:37
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: slab-out-of-bounds Read in dtSearch jfs 19 C error done 33 598d 1061d 25/29 fixed on 2024/02/13 12:02
linux-4.14 KASAN: slab-out-of-bounds Read in dtSearch jfs 17 C 2 903d 1062d 0/1 upstream: reported C repro on 2022/09/24 21:35
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch (2) origin:upstream 17 C error 50 81d 255d 0/3 upstream: reported C repro on 2024/12/09 07:03
linux-5.15 KASAN: slab-out-of-bounds Read in dtSearch origin:upstream 19 C error 178 4d07h 480d 0/3 upstream: reported C repro on 2024/04/28 11:04
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch 17 5 361d 423d 0/3 auto-obsoleted due to no activity on 2024/12/03 23:18
linux-4.19 KASAN: slab-out-of-bounds Read in dtSearch 17 C error 1 1062d 1062d 0/1 upstream: reported C repro on 2022/09/24 21:36

Sample crash report:
blkno = 8ed2c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAlloc: the hint is outside the map
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:628:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor179 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtSearch+0x1bde/0x2520 fs/jfs/jfs_dtree.c:628
 jfs_lookup+0x17f/0x410 fs/jfs/namei.c:1461
 lookup_one_qstr_excl+0x126/0x2b0 fs/namei.c:1693
 filename_create+0x297/0x540 fs/namei.c:4083
 do_mkdirat+0xbd/0x3a0 fs/namei.c:4328
 __do_sys_mkdir fs/namei.c:4356 [inline]
 __se_sys_mkdir fs/namei.c:4354 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3549acd117
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff68fe9d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3549acd117
RDX: 0000000000004800 RSI: 00000000000001ff RDI: 0000400000000180
RBP: 0000400000000180 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff68fe9e10 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff68fe9e10 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace ]---

Crashes (1494):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/21 12:44 upstream 334426094588 0808a665 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2024/11/13 11:06 upstream f1b785f4c787 62026c85 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/07/22 05:21 upstream 7846b618e0a4 b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 03:07 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 02:43 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/10 15:38 upstream f09079bd04a9 5d7e17ca .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/10/31 06:51 upstream 4236f913808c fb888278 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/05/04 16:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/19 12:30 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/18 04:31 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/17 19:21 upstream 99bade344cfa 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/16 17:53 upstream dfd4b508c8c6 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/16 16:49 upstream dfd4b508c8c6 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/16 15:47 upstream dfd4b508c8c6 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/16 09:42 upstream dfd4b508c8c6 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/16 03:36 upstream ee94b00c1a64 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/15 22:45 upstream ee94b00c1a64 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/15 13:13 upstream 24ea63ea3877 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/15 11:05 upstream 24ea63ea3877 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/15 08:55 upstream 24ea63ea3877 dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2025/08/12 15:28 upstream 53e760d89498 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/11 01:20 upstream 8f5ae30d69d7 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/08/03 20:39 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/24 05:16 upstream 01a412d06bc5 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/14 13:59 upstream 347e9f5043c8 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2024/05/12 22:08 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in dtSearch
2025/08/15 04:06 linux-next 931e46dcbc7e dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2025/08/19 16:49 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/18 07:22 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in dtSearch
2025/08/17 00:57 upstream 90d970cade8e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/08/04 06:28 upstream 352af6a011d5 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/08/01 04:27 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/23 11:41 upstream 89be9a83ccf1 e1dd4f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/21 10:07 upstream 89be9a83ccf1 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/18 21:57 upstream d786aba32000 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/14 17:18 upstream 347e9f5043c8 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/14 03:15 upstream 5d5d62298b8b 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/03/27 13:12 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dtSearch
2025/02/26 22:51 upstream ac9c34d1e45a 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2025/02/05 01:02 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2024/08/09 13:57 upstream ee9a43b7cfe2 a83d9288 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KFENCE: out-of-bounds in dtSearch
2024/06/22 05:40 upstream 66cc544fd75c edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/14 16:56 upstream 8ffd015db85f 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtSearch
2025/08/21 02:05 upstream 41cd3fd15263 0b9605c8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/20 21:04 upstream b19a97d57c15 bd178e57 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/20 10:23 upstream b19a97d57c15 79512909 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/20 08:43 upstream b19a97d57c15 79512909 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/19 14:18 upstream be48bcf004f9 523f460e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/17 13:52 upstream 99bade344cfa dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/14 22:22 upstream 0cc53520e68b dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/07 16:23 upstream 6e64f4580381 04cffc22 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/05 06:06 upstream 35a813e010b9 f5bcc8dc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/05 04:17 upstream 35a813e010b9 f5bcc8dc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/04 04:49 upstream 352af6a011d5 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/04 03:37 upstream 352af6a011d5 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/01 12:36 upstream d6084bb815c4 0c075d67 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/31 03:31 upstream 4b290aae788e f8f2b4da .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/24 16:18 upstream 25fae0b93d1d 65d60d73 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/17 19:00 upstream e2291551827f 0ea0ca3f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/17 06:57 upstream e2291551827f 44f8051e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/12 12:48 upstream 2c4a1f3fe03e 98683f8f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSearch
2024/06/25 22:26 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/10 21:20 linux-next b1549501188c 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/18 13:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/14 18:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/09 10:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/06 21:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
* Struck through repros no longer work on HEAD.